package cn.gq.sssm.shiro;

import cn.gq.sssm.pojo.User;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * @author ASUS
 * @date 2020/5/8
 */
public class MyFormAuthenticationFilter extends FormAuthenticationFilter {

    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {





        //清除SaveRequest对象，把请求地址清除掉
        WebUtils.getAndClearSavedRequest(request);

        return super.onLoginSuccess(token, subject, request, response);
    }


    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {

        //从请求中获取Shiro的主体
        Subject subject = getSubject(request, response);

        //从主体中获取Shiro框架的Session
        Session session = subject.getSession();

        //如果主体没有认证(Session中认证)并且主体已经设置记住我了
        if (!subject.isAuthenticated() && subject.isRemembered()) {
            //获取主体的身份(从记住我的Cookie中获取)
            User principal = (User) subject.getPrincipal();
            System.out.println("user:"+principal);

            //将身份认证信息共享到Session中
            //Shiro自动从Session通过类型获取共享的身份信息,和名称无关
            session.setAttribute("USER_IN_SESSION",principal);

        }

        return subject.isAuthenticated() || subject.isRemembered();
    }
}
